Army  Cyber  Command/2nd  ARMY 


CYBER 


AFCEA TECHNET  LAND 
FORCES  EAST 


“Toward  a  Tactical 
Common  Operating  Picture” 

LTC  Paul  T.  Stanton 


tc 


OVERALL  CLASSIFICATION  OF  THIS  BRIEF  IS 

UNCLASSIFIED/APPROVED  FOR  PUBLIC  RELEASE 

Transforming  Cyberspace  While  at  War. 

Can’t  Afford  Not  To!" 


“Second  to  None! 


i 


Report  Documentation  Page 


Form  Approved 
OMB  No.  0704-0188 


Public  reporting  burden  for  the  collection  of  information  is  estimated  to  average  1  hour  per  response,  including  the  time  for  reviewing  instructions,  searching  existing  data  sources,  gathering  and 
maintaining  the  data  needed,  and  completing  and  reviewing  the  collection  of  information.  Send  comments  regarding  this  burden  estimate  or  any  other  aspect  of  this  collection  of  information, 
including  suggestions  for  reducing  this  burden,  to  Washington  Headquarters  Services,  Directorate  for  Information  Operations  and  Reports,  1215  Jefferson  Davis  Highway,  Suite  1204,  Arlington 
VA  22202-4302.  Respondents  should  be  aware  that  notwithstanding  any  other  provision  of  law,  no  person  shall  be  subject  to  a  penalty  for  failing  to  comply  with  a  collection  of  information  if  it 
does  not  display  a  currently  valid  OMB  control  number. 


1.  REPORT  DATE 

AUG  2012 

2.  REPORT  TYPE 

3.  DATES  COVERED 

00-00-2012  to  00-00-2012 

4.  TITLE  AND  SUBTITLE 

Transforming  Cyberspace  While  at  War...Can’t  Afford  Not  To! 

5a.  CONTRACT  NUMBER 

5b.  GRANT  NUMBER 

5c.  PROGRAM  ELEMENT  NUMBER 

6.  AUTHOR(S) 

5d.  PROJECT  NUMBER 

5e.  TASK  NUMBER 

5f.  WORK  UNIT  NUMBER 

7.  PERFORMING  ORGANIZATION  NAME(S)  AND  ADDRESS (ES) 

Army  Cyber  Command/2nd  ARMY, Fort  Belvoir,VA, 22060 

8.  PERFORMING  ORGANIZATION 

REPORT  NUMBER 

9.  SPONSORING/MONITORING  AGENCY  NAME(S)  AND  ADDRESS  (ES) 

10.  SPONSOR/MONITOR’S  ACRONYM(S) 

11.  SPONSOR/MONITOR’S  REPORT 
NUMBER(S) 

12.  DISTRIBUTION/AVAILABILITY  STATEMENT 

Approved  for  public  release;  distribution  unlimited 

13.  SUPPLEMENTARY  NOTES 

Presented  at  the  AFCEA  TECHNET  LAND  FORCES  EAST  Conference,  Aug  14-16, 2012,  Baltimore,  MD 

14.  ABSTRACT 

15.  SUBJECT  TERMS 

- 1 - 

- 1 - 

16.  SECURITY  CLASSIFICATION  OF: 


a.  REPORT 

unclassified 


b.  ABSTRACT 

unclassified 


c.  THIS  PAGE 

unclassified 


17.  LIMITATION  OF 
ABSTRACT 

Same  as 
Report  (SAR) 


18.  NUMBER 
OF  PAGES 

19 


19a.  NAME  OF 
RESPONSIBLE  PERSON 


Standard  Form  298  (Rev.  8-98) 

Prescribed  by  ANSI  Std  Z39-18 


an 


■Vs 


fr 


Army  Cyber  Command/2nd 


ARMY 


Agenda 


•  Why  a  new  COP? 

•  Unified  Land/Cyber  operations 

•  Distributed  analytics  and  COP 

•  Consistency  and  commonality 

•  Considerations  for  tactical  edge 

•  Questions  and  discussion 
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Why  Another  COP? 


•  Operations  in  the  Unified  Land/Cyber  domain  require 
effective  Mission  Command 


•  Mission  Command  is  enabled  by  analyzing  and 
visualizing  the  operational  environment  to  provide 

situational  understanding  that  supports  leader 
decision-making  in  real-time 


•  Existing  approaches  lack  integration 


"Mission  command  supports  our  drive  toward 
operational  adaptability  by  requiring  a  thorough 
understanding  of  the  operational  environment..." 
-  GEN  Dempsey 
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Land/Cyber 


Cyberspace  Domain 


Operational 

Adaptability 


CYBERSPACE 
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Unified  Effects 


UNIFIED  OPERATIONS 

e.  Scope,  Speed,  Access,  Force  (Small/p< 


•  This  is  leader's  business 


-  »  (Classical  Domain) 

°'assical  Force  /  Physical  Presence 


Prevent 


Shape 


W  IN 
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Mission  Command  applies  unified  force  (Land  and  Cyber)  to 
establish  optimal  combination  of  effects  to  achieve  objectives 

“Second  to  None!" 


4 


Army  Cyber  Command/2nd  ARMY 


Warfighting  Platform 
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Influence 

IflSM 

•  Treat  the  network  as  a  Weapon  System 

•  Embrace  cyberspace  as  a  contested  domain 

•  Strong  2-3-6  integration 
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Example  “Terrain” 


Adversary 

Malware 

Malware  developers 
Malware  protocols 
Exploits 

Exploit  developers 
Origin  networks 
Callback  domains 
Botnets 

Compromised  credentials 


Political 
Military 
Economic 
Social 

Information 
Infrastructure 
Physical  Environment 
Time 


Common 

•  Hosts 
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•  Network  Infrastructure 

•  Operating  system 

•  Applications 

•  Architecture 


Friendly 

Host-based  protection 
Sensors 

Offensive  capabilities 
Incident  responders 
Users 

Perimeter  protection 
Points  of  presence 
Operators 
Passwords,  CAC,  PKI 


Big  data,  complexity  of  interaction  /  relationships 
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•  “Seeing”  the  battlefield 
requires  cloud  Big  Data 
analytics 

-  Terrain  is  data 

-  Terabytes  daily,  petabytes  of 
historic  data 

-  Distributed  data  collection  and 
computation 


•  Cloud  vs  Database 

-  Databases  optimize  storage 
efficiency 

-  Cloud  uses  “cheap”  hardware  to 
process  in  parallel 


Time(secJ 


Big  Data  Solution 


0  2  4  6  S  10 

Number  of  Vertices  (In  millions) 
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Enabling  Mission 
Command 


Visualization  that  supports  leader  decisions 


*  This  is  leader's  business 


: 


Mission  command 
emphasizes  the 
importance  of  context 
-  GEN  Dempsey 
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Key  Terrain 


•  Mission  focused  overlays 


Network  + 
Applications  + 
Users 
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Anatomy  of  Visualization 


Commander's  Critical 
Information  Requirements 


"It  really  is  the  commander's  coup  d'ceil,  his 
ability  to  see  things  simply, ...  that  is  the 
essence  of  good  generalship."  --  Clausewitz 


Considerations 

•  Data  fidelity 

•  Scope  of  responsibility 

•  Data  quantity  /  access 
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System  Architecture 


f  *  \> 

•  Enforce  compliance  with  basic  standards 

•  Support  IT  reform 
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Decision 


Cloud  Architecture 


Army  Cyber 
Ops  Center 


Cyber  Center 


Predictive 
Analysis  (l&W) 


Mission 

Filter 


Targeting 


Enemy 

Situation 


Friendly 
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Open 

Source 


Common  architecture,  common  data, 
common  suite  of  pluggable  visualization  tools  I 
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Reaching  the  Edge 


Extended  Cyber  Enterprise  by  Echelon 
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Integrated  Push/Pull  Capabilities 


*  Build 

*  Operate 

*  Maintain 

*  Defend 

*  EW 

*  KM/O 


Exploit 

Attack 

Integrate 

Influence 

EMSO 

Intelligence 


"Understanding  in  mission  command  must 
flow  from  both  bottom-up  and  top-down"  - 
Mission  Command  Whitepaper,  3  Apr  2012 
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Consistency  and 
Commonality 


•  Underlying  architecture  supports  collaboration 

•  “Common”  COP  at  echelon 

•  Local  “drill-down”  view  for  OE-related  decisions 
•  Key  terrain 


Push  metadata 
Pull  data 


•  PIR/NAIs 


•  Localized  predictive  algorithms 
Data  /  visualization  subject  to  authorization 
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Tactical  Considerations 


Transition  networks  to  a  warfighting  platform 
Workforce 


-  Soldier  and  leader  education  and  training 

-  Manpower 


•  Conduct  training  and  leader  development 

•  Make  people  the  centerpiece 

^  j 


Physical  limitations:  bandwidth,  power,  connectivity 

Authorities 

Security 

Cost 
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Distributed  Systems 


CAP  Theorem 

-  Consistency 

-  Availability 

-  Partition  Tolerance 

Cloud  storage  -  solution  is 
mission  dependent 

-  Facebook 

-  Military  mission 


System  design  must  account  for  network  partitions  that  will 

be  common  in  tactical  environments 
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Way  Ahead 


Goal 

Analyze  and  visualize  the  operational  environment  to  provide  situational 
understanding  that  supports  leader  decision  making  in  real-time 


Army  Cyber  and  NETCOM  Initiative: 


2  node  proof  of  concept 
Support  to  an  Army  Command 
Participation  from: 

•  Carnegie  Mellon  University  /  Software  Engineering  Institute 

•  MITRE 

•  Sandia  National  Laboratories 

•  Army  Research  Laboratories 
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Land/Cyber  Synergy 


Decision  support  to 
Prevent,  Shape,  Win 


Global  Environment  O 


I  Environment 
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Summary 


A  tactical  COP  must  account  for  unified 
Land/Cyber  operations 

Cloud-enabled  commonality  stems  from 
data,  architecture,  and  pluggable 
visualization  tools 

Tactical  deployment  must  account  for  hard 
distributed  system  problems 
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QUESTIONS  AND  DISCUSSION 
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